From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 30 Nov 2022 14:16:38 +0000 (+0100)
Subject: BUILD: quic: allow build with USE_QUIC and USE_OPENSSL_WOLFSSL
X-Git-Tag: v2.7.0~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b82296c10e9a0bf8021a977a939d1073110e15ef;p=thirdparty%2Fhaproxy.git

BUILD: quic: allow build with USE_QUIC and USE_OPENSSL_WOLFSSL

WolfSSL does not implement the TLS1_3_CK_AES_128_CCM_SHA256 cipher as
well as the SSL_ERROR_WANT_ASYNC, SSL_ERROR_WANT_ASYNC_JOB and
SSL_ERROR_WANT_CLIENT_HELLO_CB error codes.

This patch disables them for WolfSSL.

Signed-off-by: William Lallemand <wlallemand@haproxy.org>
---

diff --git a/include/haproxy/quic_tls.h b/include/haproxy/quic_tls.h
index c4462c48c8..c808405a1a 100644
--- a/include/haproxy/quic_tls.h
+++ b/include/haproxy/quic_tls.h
@@ -120,8 +120,10 @@ static inline const EVP_CIPHER *tls_aead(const SSL_CIPHER *cipher)
 	case TLS1_3_CK_CHACHA20_POLY1305_SHA256:
 		return EVP_chacha20_poly1305();
 #endif
+#ifndef USE_OPENSSL_WOLFSSL
 	case TLS1_3_CK_AES_128_CCM_SHA256:
 		return EVP_aes_128_ccm();
+#endif
 	default:
 		return NULL;
 	}
@@ -242,7 +244,7 @@ static inline const char *ssl_error_str(int err)
 		return "WANT_CONNECT";
 	case SSL_ERROR_WANT_ACCEPT:
 		return "WANT_ACCEPT";
-#if !defined(LIBRESSL_VERSION_NUMBER)
+#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(USE_OPENSSL_WOLFSSL)
 	case SSL_ERROR_WANT_ASYNC:
 		return "WANT_ASYNC";
 	case SSL_ERROR_WANT_ASYNC_JOB: